Former senior NDTV journalist Nidhi Razdan announced on Friday, 15 January that she had been the victim of “a very serious phishing attack.” She revealed that her being appointed to the post of an associate professor at Harvard University, which she had earlier announced, was in fact an elaborate hoax.
In June 2020, Razdan had quit her job at NDTV after 21 years on account of having received an offer from Harvard University. However, she eventually realised that the interactions were fake.
This startling revelation, which set social media abuzz and got #Harvard and #NidhiRazdan trending on Twitter, has also raised questions about what phishing is, how it operates and how one can stay alert to such scams.
What exactly is a “phishing” attack?
Phishing is a cyber attack that uses disguised email as a weapon. It aims to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment, says cybersecurity organisation CSO.
According to CSO, what really distinguishes phishing is the form the message takes: The attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with.
It's one of the oldest types of cyberattacks, dating back to the 1990s, and it's still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.
How does one identify phishing attacks?
While a typical phishing attack does contain the element of impersonating an entity to trick the victim, the motivation is usually to steal personal information such as a credit card number or bank details for monetary gain. In Razdan’s case, it isn’t clear if there was any theft of money involved.
In her statement, she said, “Perpetrators of this attack used clever forgeries and misrepresentations to obtain access to my personal data and communications and may have also gained access to my devices and my email/social media accounts.”
How is a phishing attack executed?
As an example, you could be on the receiving end of an email or a message that looks like it has been sent by the World Health Organisation (WHO) regarding COVID-19, the Ministry of Health, or even your own organisation.
This email or message would mimic an official announcement and could potentially contain a link that would prompt you to enter your login credentials.
Entering your login credentials is enough for hackers, as they can use them to get all your records and personal details. What is even more dangerous is that if you are logged into your company's network, the cybercriminals could find their way into that as well and attack the host network.
You could also receive emails containing malware, for example in the form of an attachment that claims to contain details of a cure for those affected by the virus outbreak.
The mail could also have a message impersonating the government. In such cases, downloading any attachment should be strictly avoided, or else the hackers could steal confidential data which can be sold on the dark web.
How to keep yourself safe from such phishing attacks?
So how can you prevent yourself from getting scammed due to the novel coronavirus? Here are a few handy tips.
- Check the sender’s address - if you have received an email or a message that looks fishy, look at the email address or the phone number of the sender.
- Check the link - if the email or message redirects you to an external webpage, it could contain misspelled words like “coronnavirus” or “COVID-9” instead of COVID-19. Check for these errors and misspellings. The best thing to do would be to go to WHO’s website and check whether the information is legitimate or whether you're being scammed.
- Don't open attachments - avoid opening or downloading attachments that look suspicious. There is a high chance that they contain malware.
- Get antivirus software - keep your system protected by having antivirus software and update it regularly. It can go a long way in protecting your personal data and credentials.
- Download apps only from Google's and Apple's app stores - don't download applications from third-party websites or try to sideload apps on your devices from uncertain sources.
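The “Check the link” tip above can be automated. The sketch below is an added example, not part of the original article: it treats a link as trusted only if its host is a trusted domain or a subdomain of one, and otherwise flags words that are one character away from a watched term. The trusted domain `who.int`, the watched terms and the sample links are assumptions chosen to match the article's examples.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: the trusted domain and the watched terms.
TRUSTED_DOMAINS = ("who.int",)
KEYWORDS = ("coronavirus", "covid-19")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted_host(host):
    """True only for a trusted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_link(url):
    """Return (verdict, near_misses) for a link found in a message."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if is_trusted_host(host):
        return "trusted", []
    # Split host and path into words, keeping forms such as "covid-9" whole.
    tokens = re.findall(r"[a-z0-9]+(?:-[0-9]+)?", (host + parts.path).lower())
    near_misses = [(t, k) for t in tokens for k in KEYWORDS
                   if edit_distance(t, k) == 1]
    return ("suspicious" if near_misses else "unverified"), near_misses


if __name__ == "__main__":
    # Constructed sample links, not taken from any real message.
    for link in ("https://www.who.int/emergencies",
                 "http://coronnavirus-update.example/COVID-9/advice",
                 "https://who.int.example.com/covid-19"):
        print(link, "->", check_link(link))
```

The third sample shows why the host has to be compared from the right: a host that merely begins with a trusted name is not a subdomain of it, so the link stays “unverified” rather than “trusted”.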